CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-8164 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload — BeikeShop | 6.3 | Medium | 2024-08-26 |
| CVE-2024-8089 | SourceCodester E-Commerce System controller.php unrestricted upload — E-Commerce System | 6.3 | Medium | 2024-08-22 |
| CVE-2024-7384 | AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function — AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 7.5 | High | 2024-08-22 |
| CVE-2022-1206 | AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload — AdRotate Banner Manager | 7.2 | High | 2024-08-20 |
| CVE-2024-7944 | itsourcecode Laravel Property Management System DocumentsController.php UpdateDocumentsRequest unrestricted upload — Laravel Property Management System | 6.3 | Medium | 2024-08-20 |
| CVE-2024-7943 | itsourcecode Laravel Property Management System PropertiesController.php upload unrestricted upload — Laravel Property Management System | 6.3 | Medium | 2024-08-20 |
| CVE-2024-43249 | WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability — Bit Form Pro | 9.9 | Critical | 2024-08-19 |
| CVE-2024-7917 | DouPHP Favicon system.php unrestricted upload — DouPHP | 4.7 | Medium | 2024-08-18 |
| CVE-2024-7910 | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload — Online Railway Reservation System | 4.7 | Medium | 2024-08-18 |
| CVE-2024-7906 | DedeBIZ Attachment Settings select_images_post.php get_mime_type unrestricted upload — DedeBIZ | 6.3 | Medium | 2024-08-18 |
| CVE-2024-7905 | DedeBIZ archives_do.php AdminUpload unrestricted upload — DedeBIZ | 6.3 | Medium | 2024-08-18 |
| CVE-2024-7904 | DedeBIZ File Extension file_manage_control.php unrestricted upload — DedeBIZ | 6.3 | Medium | 2024-08-18 |
| CVE-2024-7903 | DedeBIZ File Extension media_add.php unrestricted upload — DedeBIZ | 6.3 | Medium | 2024-08-18 |
| CVE-2023-0714 | Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 8.1 | High | 2024-08-17 |
| CVE-2024-39397 | Adobe Commerce \| Unrestricted Upload of File with Dangerous Type (CWE-434) — Adobe Commerce | 9.0 | Critical | 2024-08-14 |
| CVE-2024-4389 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload — Depicter — Popup & Slider Builder | 8.8 | High | 2024-08-14 |
| CVE-2024-43160 | WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability — BerqWP | 10.0 | Critical | 2024-08-13 |
| CVE-2024-6823 | Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action — Media Library Assistant | 8.8 | High | 2024-08-13 |
| CVE-2024-41731 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 3.1 | Low | 2024-08-13 |
| CVE-2024-28166 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 3.7 | Low | 2024-08-13 |
| CVE-2024-42375 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 4.3 | Medium | 2024-08-13 |
| CVE-2024-7706 | Fujian mwcms uploadfile.html uploadimage unrestricted upload — mwcms | 4.7 | Medium | 2024-08-12 |
| CVE-2024-7705 | Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload — mwcms | 4.7 | Medium | 2024-08-12 |
| CVE-2024-38530 | Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php" — openeclass | 9.8 | Critical | 2024-08-12 |
| CVE-2024-7694 | TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload — ThreatSonar Anti-Ransomware | 7.2 | High | 2024-08-12 |
| CVE-2024-7506 | itsourcecode Tailoring Management System setlogo.php unrestricted upload — Tailoring Management System | 6.3 | Medium | 2024-08-06 |
| CVE-2024-7500 | itsourcecode Airline Reservation System admin_class.php save_settings unrestricted upload — Airline Reservation System | 6.3 | Medium | 2024-08-06 |
| CVE-2024-6315 | Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload — Blox Page Builder | 8.8 | High | 2024-08-06 |
| CVE-2024-7484 | CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload — CRM Perks Forms – WordPress Form Builder | 7.2 | High | 2024-08-06 |
| CVE-2024-7495 | itsourcecode Laravel Accounting System HomeController.php unrestricted upload — Laravel Accounting System | 6.3 | Medium | 2024-08-06 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.